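<?php
# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.

	# --------------------------------------------------------
	# $Id: lost_pwd.php,v 1.7.2.1 2007-10-13 22:33:21 giallu Exp $
	# --------------------------------------------------------

	# ======================================================================
	# Author: Marcello Scata' <marcelloscata at users.sourceforge.net> ITALY
	# ======================================================================

	# Lost-password request handler.
	#
	# Reads 'username' and 'email' from the request, looks for an enabled
	# account matching both, and if one is found generates a confirmation
	# hash, mails it through email_send_confirm_hash_url() and increments
	# the account's in-progress counter. Every failure path reports through
	# trigger_error( ..., ERROR ); the statements after each check assume
	# that call does not return (presumably guaranteed by the error handler
	# installed from core.php - confirm).
	#
	# NOTE(review): this page is reachable without authentication, logs the
	# current user out and sends mail, and no anti-forgery token is checked
	# in this file. Confirm whether gpc_get_string() accepts GET parameters
	# and whether a token check is available in this code base.

	require_once( 'core.php' );

	# lost password feature disabled or reset password via email disabled -> stop here!
	if( OFF == config_get( 'lost_password_feature' ) ||
		OFF == config_get( 'send_reset_password' ) ||
		OFF == config_get( 'enable_email_notification' ) ) {
		trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
	}

	# force logout on the current user if already authenticated
	if( auth_is_user_authenticated() ) {
		auth_logout();
	}

	$f_username = gpc_get_string('username');
	$f_email = gpc_get_string('email');

	$f_email = email_append_domain( $f_email );
	email_ensure_valid( $f_email );

	# Reject an empty address before touching the database. The original
	# ran this check after the lookup, so a request with a blank e-mail got
	# "not matching" or "no email specified" depending on whether the
	# username belonged to an enabled account stored with a blank address;
	# checking first removes that difference and saves a query.
	if( is_blank( $f_email ) ) {
		trigger_error( ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR );
	}

	# Both values are escaped with db_prepare_string() and then concatenated
	# into the statement, so the query is only as safe as that escaping.
	# NOTE(review): prefer a bound-parameter query if the database layer
	# used by this version provides one.
	$c_username = db_prepare_string( $f_username );
	$c_email = db_prepare_string( $f_email );

	$t_user_table = config_get( 'mantis_user_table' );

	# @@@ Consider moving this query to user_api.php
	$query = 'SELECT id FROM ' . $t_user_table . ' WHERE username = \'' . $c_username . '\' AND email = \'' . $c_email . '\' AND enabled=1';
	$result = db_query( $query );

	# NOTE(review): the distinct outcomes below (no match, protected
	# account, too many requests in progress, success page) tell an
	# unauthenticated caller whether a username/e-mail pair belongs to an
	# enabled account. Consider answering every request with the same
	# "request in progress" page and handling the failures silently.
	if ( 0 == db_num_rows( $result ) ) {
		trigger_error( ERROR_LOST_PASSWORD_NOT_MATCHING_DATA, ERROR );
	}

	$row = db_fetch_array( $result );
	$t_user_id = $row['id'];

	if( user_is_protected( $t_user_id ) ) {
		trigger_error( ERROR_PROTECTED_ACCOUNT, ERROR );
	}

	if( !user_is_lost_password_request_allowed( $t_user_id ) ) {
		trigger_error( ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED, ERROR );
	}

	# NOTE(review): the unpredictability and lifetime of the reset link
	# depend on auth_generate_confirm_hash(), which is not visible here;
	# verify it is derived from a cryptographically strong secret.
	$t_confirm_hash = auth_generate_confirm_hash( $t_user_id );
	email_send_confirm_hash_url( $t_user_id, $t_confirm_hash );

	# Counted after the mail is queued; user_is_lost_password_request_allowed()
	# above is the gate that consults this counter on later requests.
	user_increment_lost_password_in_progress_count( $t_user_id );

	# Fixed, application-relative target for the "proceed" link below.
	$t_redirect_url = 'login_page.php';

	html_page_top1();
	html_page_top2();
?>

<br />
<div align="center">
<table class="width50" cellspacing="1">
<tr>
	<td class="center">
		<b><?php echo lang_get( 'lost_password_done_title' ) ?></b>
	</td>
</tr>
<tr>
	<td>
		<br/>
		<?php echo lang_get( 'reset_request_in_progress_msg' ) ?>
		<br/><br/>
	</td>
</tr>
</table>
<br />
<?php print_bracket_link( $t_redirect_url, lang_get( 'proceed' ) ); ?>
</div>

<?php html_page_bottom1a( __FILE__ ) ?>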